"ssl_stapling" ignored, no OCSP responder URL in the certificate

1

I have “ssl_stapling” ignored, no OCSP responder URL in the certificate erros in /var/log/nginx

Is this an issue?

I am having issues when issuing SSL certificates

Error: Let’s Encrypt validation status 400 (mail.domain.pro). Details: 403:“111.11.111.111: Invalid response from http://mail.domain.pro/.well-known/acme-challenge/2KFlR4pfSmpUJthMSK_v3rRIsgBADU8Z5bpCE24gcgU: 404”

These errors are for domains that have been running on the server form last 4 months. We have around 300-400 domains on the server.

2

Suggest try the various threads here: Search results for 'ocsp order:latest_topic' - Hestia Control Panel - Discourse

3

Check max open files ..

Probally to low ..

4

No, it isn’t. Let’s Encrypt has removed the OCSP URLs from their certificates, but most of the templates in Hestia still use the directive ssl_stapling on;. That’s why you’re seeing the warning but there’s no need to worry about it.

Regarding open files… I’ve written a small script that checks the current files used by Nginx and Apache2 processes and compares them with the current soft limits assigned to each process. If the number of open files exceeds the defined threshold (80% by default), it will display the count in red.

Text example:

❯ curl -fsSLm10 https://7j.gg/chknof | sudo bash -s --
Checking services nginx apache2
The open files limit threshold has been set at 80%

Process 1936 :: /usr/sbin/apache2 -k start
Current open files:   85
Limit for open files: 8192

Process 21887 :: /usr/sbin/apache2 -k start
Current open files:   84
Limit for open files: 8192

Process 21890 :: /usr/sbin/apache2 -k start
Current open files:   92
Limit for open files: 8192

Process 21892 :: /usr/sbin/apache2 -k start
Current open files:   92
Limit for open files: 8192

Process 1840 :: nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
Current open files:   53
Limit for open files: 1024

Process 22082 :: nginx: worker process
Current open files:   56
Limit for open files: 65535

Process 22083 :: nginx: worker process
Current open files:   56
Limit for open files: 65535

Process 22084 :: nginx: worker process
Current open files:   56
Limit for open files: 65535

Process 22085 :: nginx: cache manager process
Current open files:   53
Limit for open files: 65535

Screenshot examples:

imagen
imagen955×906 184 KB

imagen
imagen955×906 184 KB

5

Open files do not seem to be an issue. I increase the limits a while back when I had the same exact issue.

curl -fsSLm10 https://7j.gg/chknof | sudo bash -s –

Checking services nginx apache2
The open files limit threshold has been set at 80%

Process 3797068 :: /usr/sbin/apache2 -k start
Current open files: 1794
Limit for open files: 8192

Process 3797135 :: /usr/sbin/apache2 -k start
Current open files: 1792
Limit for open files: 8192

Process 3797390 :: /usr/sbin/apache2 -k start
Current open files: 1801
Limit for open files: 8192

Process 3797741 :: /usr/sbin/apache2 -k start
Current open files: 1801
Limit for open files: 8192

Process 3797911 :: /usr/sbin/apache2 -k start
Current open files: 1801
Limit for open files: 8192

Process 3508133 :: nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
Current open files: 1670
Limit for open files: 262144

Process 3811240 :: nginx: worker process
Current open files: 1664
Limit for open files: 262144

Process 3811241 :: nginx: worker process
Current open files: 1663
Limit for open files: 262144

Process 3811242 :: nginx: worker process
Current open files: 1663
Limit for open files: 262144

Process 3811243 :: nginx: worker process
Current open files: 1662
Limit for open files: 262144

Process 3811244 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811245 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811246 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811247 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811248 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811249 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811250 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811251 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811252 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811253 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811254 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811255 :: nginx: worker process
Current open files: 1660
Limit for open files: 262144

Process 3811256 :: nginx: cache manager process
Current open files: 1641
Limit for open files: 262144

v-add-letsencrypt-domain inquire domain.com ‘’ yes

Error: Let’s Encrypt validation status 400 (mail.domain.com). Details: 403:“111.111.1.111: Invalid response from http://mail.domain.com/.well-known/acme-challenge/LYvCgsx8EJKdMrtPp5cQzFQMs3CrZ7FgQ981MNi3Q4I: 404”

Checked on Let’s debug and all good here: All OK!

OK

No issues were found with mail.domain.com. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.

6

In this case it’s important to share the actual domain name.

7

So this has been happening for multiple domains and once I change the IP for a domain, the issue is resolved.

8

So you have multiple public IPs in your server and it only works with some of them?